[Openid-specs-ab] Little more feedback

sakimura sakimura at gmail.com
Wed Jul 13 01:11:26 UTC 2011


 Breno,

 On Tue, 12 Jul 2011 11:28:39 -0700, Breno de Medeiros wrote:
> On Tue, Jul 12, 2011 at 11:25, Nat Sakimura <sakimura at gmail.com> 
> wrote:

>>>
>>> feedback we get from developers is contrary to this.
>>
>> So they like the current organization?
>>
>>>
>>> The reason things are confusing right now has to do with the fact 
>>> that
>>> the spec has been refactored many times and the writing did not 
>>> keep
>>> up well. We need to fix the writing, not merge specs when we have
>>> evidence it will be damaging to the message of
>>> simplicity+extensibility we want to convey.
>>
>> Could you kindly explain the evidence so that I can understand 
>> better?
>
> We have consistent feedback that the core should be: (1) an HTTP
> binding; (2) contain only the minimum necessary to create an SSO
> protocol.
>
> That means (according to common agreement in yesterday's call) how to
> express the most basic of OpenIDConnect requests and how to use the
> retrieved oauth2 token to obtain an audience-restricted statement of
> user id.
>
> I maintain that nothing else should be in the core.

 So that's what has been suggested above, if I am not mistaken.

 Since HTTP Redirect Binding is a horrible name for the base HTTP SSO,
 call it either "Connect Core (Mike's suggestion)" or simply "Connect 
 (George's suggestion)".
 Then rename the current "Core" as "Core Messages", "Framework" as 
 "Framework Messages",
 or combine the two and call it "Messages".

 What is the problem?

 =nat


More information about the Openid-specs-ab mailing list